Oracle JRE – class: – Same-of-Origin (SOP) Policy Bypass Vulnerability

Users of the Oracle JRE class please be advised of a Same-of-Origin (SOP) Policy Bypass vulnerability that has been identified.
To view this vulnerability, possible remedies and other advisories, see the Security Advisories at Critical Watch (

Oracle-SA-10/19/2010: Oracle JRE – class – Same-of-Origin (SOP) Policy Bypass


+———–+ discovered that a Java Applet making use of class can be used to bypass same-of-origin (SOP) policy and domain-based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. This advisory includes a Proof-of-Concept (PoC) demo and Java Applet source code, which demonstrate how this security weakness can be exploited to leak cookie information to an unauthorised domain that resides on the same host IP address.
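As an added example (not the advisory's PoC and not Oracle's code; the hostnames, IP addresses and DNS table are constructed), the following Python contrasts an access check that compares resolved IP addresses with one that compares scheme, host and port. The difference is exactly what the advisory describes: two distinct domains hosted on one IP address must remain separate origins.

```python
# Added illustration of why an origin check based on resolved IP addresses
# fails: two different domains sharing one host IP are still separate origins.
from urllib.parse import urlsplit

# Constructed DNS table standing in for name resolution; no network is used.
FAKE_DNS = {
    "bank.example.test": "203.0.113.10",
    "shop.example.test": "203.0.113.10",   # same shared host as the bank
    "other.example.test": "198.51.100.7",
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return the (scheme, host, port) tuple that defines a web origin."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


def ip_based_check(applet_url, target_url):
    """Flawed policy: allow the request if both hosts resolve to one IP."""
    applet_ip = FAKE_DNS[origin_of(applet_url)[1]]
    target_ip = FAKE_DNS[origin_of(target_url)[1]]
    return applet_ip == target_ip


def origin_based_check(applet_url, target_url):
    """Correct policy: allow only when scheme, host and port all match."""
    return origin_of(applet_url) == origin_of(target_url)


def run_checks():
    """Evaluate both policies for an applet served from shop.example.test.

    Returns {case: (ip_policy_allows, origin_policy_allows)}.
    """
    applet = "http://shop.example.test/applet.html"
    cases = {
        "same-ip-other-domain": "http://bank.example.test/account",
        "same-origin": "http://shop.example.test:80/api",
        "different-ip": "http://other.example.test/",
    }
    return {name: (ip_based_check(applet, t), origin_based_check(applet, t))
            for name, t in cases.items()}
```

The "same-ip-other-domain" case is the one the advisory describes: the IP-based policy allows it while a proper origin comparison rejects it.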